Adobe has released updates for Adobe Acrobat, Reader, and Flash that resolve a total of 42 security vulnerabilities. As many of these vulnerabilities are rated as Critical, it is strongly advised that anyone using these products immediately update them to the latest version.

A vulnerability is rated as Critical when it could allow attackers to remotely execute code on an affected machine. This would allow them to execute almost any command on the remote computer without the knowledge of the owner.  

Adobe Security Update Summary:

APSB17-01 Security Updates Available for Adobe Acrobat and Reader

Adobe has released security updates that resolve 29 vulnerabilities in Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

CVE number: CVE-2017-2939, CVE-2017-2940, CVE-2017-2941, CVE-2017-2942, CVE-2017-2943, CVE-2017-2944, CVE-2017-2945, CVE-2017-2946, CVE-2017-2947, CVE-2017-2948, CVE-2017-2949, CVE-2017-2950, CVE-2017-2951, CVE-2017-2952, CVE-2017-2953, CVE-2017-2954, CVE-2017-2955, CVE-2017-2956, CVE-2017-2957, CVE-2017-2958, CVE-2017-2959, CVE-2017-2960, CVE-2017-2961, CVE-2017-2962, CVE-2017-2963, CVE-2017-2964, CVE-2017-2965, CVE-2017-2966, CVE-2017-2967.

Vulnerability Details:

  • These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2017-2962).
  • These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2017-2950, CVE-2017-2951, CVE-2017-2955, CVE-2017-2956, CVE-2017-2957, CVE-2017-2958, CVE-2017-2961).
  • These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2017-2942, CVE-2017-2945, CVE-2017-2946, CVE-2017-2949, CVE-2017-2959, CVE-2017-2966).
  • These updates resolve buffer overflow vulnerabilities that could lead to code execution (CVE-2017-2948, CVE-2017-2952).
  • These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-2939, CVE-2017-2940, CVE-2017-2941, CVE-2017-2943, CVE-2017-2944, CVE-2017-2953, CVE-2017-2954, CVE-2017-2960, CVE-2017-2963, CVE-2017-2964, CVE-2017-2965, CVE-2017-2967).
  • These updates resolve a security bypass vulnerability (CVE-2017-2947).

APSB17-02 Security updates available for Adobe Flash Player

Adobe has released security updates that resolve 13 vulnerabilities in Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS.  These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.  

CVE number: CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935, CVE-2017-2936, CVE-2017-2937, CVE-2017-2938.

Vulnerability Details:

  • These updates resolve a security bypass vulnerability that could lead to information disclosure (CVE-2017-2938).
  • These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2017-2932, CVE-2017-2936, CVE-2017-2937).
  • These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2017-2927, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935).
  • These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-2925, CVE-2017-2926, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931).

Related Articles:

Adobe Patches Six Flash Player Security Bugs, Three Critical

Microsoft March Patch Tuesday Fixes 74 Security Issues

Microsoft February Patch Tuesday Fixes 50 Security Issues

Flash Used on 5% of All Websites, Down From 28.5% Seven Years Ago

Microsoft Releases Windows 10 Insider Build 17134 (RS4) To Include Security Updates